You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Prevent silent downgrade attacks during channel binding negotiation via unsupported certificate algorithms. GHSA-p9jg-fcr6-3mhf
Harden memory security by explicitly zeroing out highly sensitive cryptographic keys (saltedPassword, clientKey, and serverKey) immediately following the client final message exchange to prevent lingering material in heap memory.
๐ New features
Implement an interrupt-aware implementation of the PBKDF2 'hi' function introducing ScramInterruptedException, utilizing a stride-based check to allow long-running cryptographic operations to safely abort without blocking thread shutdown.
Introduce .channelBindingPolicy() to the client builder to explicitly configure DISABLE, ALLOW (default), and REQUIRE enforcement modes.
Introduce MechanismNegotiationException and ChannelBindingException runtime exception hierarchy to provide granular, precise failure types for driver integration loops instead of relying on generic IllegalArgumentException throws.
Add support for RSASSA-PSS server certificate signature extraction to ensure modern cryptographic algorithms are supported during tls-server-end-point channel binding computations.
Add support for SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS SASL mechanisms to provide modern NIST SHA-3 hashing standards with higher cryptographic resilience against length-extension attacks (supported on modern JVMs only).
๐๏ธ Improvements
Update the saslprep dependency to 2.4.
Updated internal Maven plugins and project dependencies to their latest stable versions.